Configure Windows Defender Firewall with Advanced Security for RDP Shortpath
To allow inbound network traffic for RDP Shortpath, use the Microsoft Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules.
- Open the Group Policy Management Console to Microsoft Defender Firewall with Advanced Security.
- In the navigation pane, select Inbound Rules.
- Select Action, and then select New rule.
- On the Rule Type page of the New Inbound Rule Wizard, select Custom, and then select Next.
- On the Program page, select This program path, enter %SystemRoot%\system32\svchost.exe, then select Next.
- On the Protocol and Ports page, select the UDP protocol type. In the Local port, select Specific ports and enter the configured UDP port. If you've left the default settings on, the port number will be 3390.
- On the Scope page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then select Next.
- On the Action page, select Allow the connection, and then select Next.
- On the Profile page, select the network location types to which this rule applies, and then select Next.
- On the Name page, enter a name and description for your rule, then select Finish.
When you're done, verify that the new rule matches the format as seen below.
You can also use PowerShell to configure Windows Firewall:
New-NetFirewallRule -DisplayName 'Remote Desktop - Shortpath (UDP-In)' -Action Allow -Description 'Inbound rule for the Remote Desktop service to allow RDP traffic. [UDP 3390]' -Group '@FirewallAPI.dll,-28752' -Name 'RemoteDesktop-UserMode-In-Shortpath-UDP' -PolicyStore PersistentStore -Profile Domain, Private -Service TermService -Protocol udp -LocalPort 3390 -Program '%SystemRoot%\system32\svchost.exe' -Enabled:True